I am building an Angular service (
AuthService) like you have in your Quick Start guide. I need to be able to exchange our Auth0 accessToken for a Firebase token whenever the accessToken is updated. To do this I’ve added a refresh timer in my
AuthService to manually invoke
getTokenSilently() to get the latest accessToken and then call a REST service to mint a new Firebase token.
The problem I’m having is if I set that refresh timer to run prior to the accessToken expiration, I just receive back the same accessToken (that is about to expire). If I set it to run at the same time or slightly after the accessToken expiration, I get an error
ID token is required but missing. I have enabled refresh token rotation on the Auth0 application and enabled
offline_access on the Auth0 API for the accessToken. The
refresh_token grant type is also applied to the Auth0 application. I see the
refresh_token stored in
localStorage along with the id_token, access_token, etc. so I know I’m getting it. It seems like everything is configured correctly to enable refresh token use.
Perhaps I don’t really understand how the refresh_token is used within the bowels of
auth0-spa-js. My assumption was that it would use the refresh token to go get a new access_token from Auth0 either whenever
getTokenSilently() was invoked or by tracking the access_token expiration and automatically going to Auth0 to fetch an updated one (using the web worker). What triggers the use of the refresh token by
auth0-spa-js and if
getTokenSilently() will not force it, is there another method that can be called to force the silent refresh?
Any help, greatly appreciated. Thanks!